Glossary
- Access
- Access refers to the ability to use information. Access has not fully occurred if essential elements of the information’s presentation (formatting and layout that in some way contribute to the meaning or usefulness of the information) have not been reconstructed.
- Agencies
- Agencies in the context of this document are organisations in the executive branch of government, whether at central or local level. 'Agencies' includes contractors and other parties acting on an agency’s behalf.
- Digital Rights Management
- Digital rights management (DRM) is a set of technologies designed to apply and enforce persistent access restrictions to digital information, as specified by the information provider. Digital rights management can regulate the types of actions that can be done with information (for example, view, print, copy or modify) and the time frame in which that information remains accessible.
- DRM restrictions may be identity based (e.g. "User A" can view the contents but not modify them) or apply to all users (e.g. the content can be viewed by anyone but only until the end of the month). Other examples include limiting who can view, modify, print or copy the information, when access to the information expires, and what operating platforms the information can be used on.
- The restrictions are persistent in the sense that they are designed to be inextricably bound to the information. DRM restrictions are unlike file-system based controls in that they are enforced regardless of the storage method or platform that the information is accessed from.
- Examples of information not regarded as being DRM-restricted include:
  - Information held in a network file system that restricts access based on an ACL (access control list). If a user has access rights, they can copy the information to a location where the ACL is not enforced.
  - A document held in a DMS (document management system), for which a user with access rights can open the document and save a copy to an unrestricted area outside of the DMS.
- In both of the above examples, the restrictions are not inextricably bound to the information. When the information is moved from the system in which it is stored, the restrictions do not persist.
- Mere encryption of information (e.g. encrypted emails) is not deemed to constitute DRM. It is only when decryption depends on software that enforces any form of access restrictions (e.g. prevents modification of the contents, or copying or saving of the unencrypted information) that DRM is deemed to be applied.
- Encumbrance
- 'Encumbrance' refers to restrictions on the rights to use information.
- Information
- For the purposes of this document, 'information' is deemed to include data.
- Integrity
- For the purposes of this document, 'integrity' is used in the wider sense of the word, meaning, "the state of being unimpaired; soundness" (source: The American Heritage Dictionary of the English Language, Fourth Edition). This definition therefore includes qualities such as availability and confidentiality. It is not limited to the narrower technical meaning of assurance that information has not been altered or destroyed in an unauthorised manner.
- Public Business
- 'Public Business' refers to any activity carried on by a government agency, in accordance with its statutory or other government-directed responsibilities.
- Restrictions
- Limitations on access to information, enforced through technology, e.g. copying prevented.
- Rights
- Generally refers to the particular types of access granted to information when access to the information has been restricted through the use of TC/DRM encumbrances.
- Solution
- A combination of people, processes and technologies to satisfy a business need. It may consist of more than one system.
- TC/DRM
- Trusted computing and/or digital rights management, functioning separately or working together.
- Trusted Computing
- There is much debate amongst experts and informed commentators about the definition of "trusted computing". The following definition, used for the purposes of these principles and policies, seeks to incorporate wording about which there is general (but not necessarily universal) agreement.
- Trusted computing is a combination of software and hardware supporting applications to ensure that data cannot be accessed unless the user's system is operating as expected and has not been tampered with.
- Trusted computing entails some or all of the following capabilities:
  - Process isolation, so that one process cannot access the memory of another.
  - Data encryption, key storage and other cryptographic functions.
  - Secure paths between the secure processing area and the keyboard and video display.
  - Attestation, a mechanism for validating aspects of the software and hardware configuration locally or across a network.
- Trusted computing also generally includes a unique public key pair and certificate chain, bound to the computer, so that the computer can be identified and authenticated.
- Trusted computing architecture could be implemented in a range of ways, and one example of this would be based on the specifications of the Trusted Computing Group (TCG). A key element of the TCG architecture is the Trusted Platform Module (TPM), a specialised chip containing the cryptographic keys, access to protected storage and the functions to measure and attest to the computer's integrity and trustworthiness.

